fix(api): always use ASCII forms of domains (#61)

* test(api): CloudflareAuth.New

* fix(api): always use ASCII forms to access Cloudflare API

* test(api): update the test of api

* docs(api): remove the bogus comment

* test(api): rename test

README.markdown

@@ -16,8 +16,8 @@ A small and fast DDNS updater for Cloudflare.
    🔸 Effective GID:      1000
    🔸 Supplementary GIDs: (empty)
 🔇 Quiet mode enabled.
-🐣 Added a new A record of …… (ID: ……).
-🐣 Added a new AAAA record of …… (ID: ……).
+🐣 Added a new A record of "……" (ID: ……).
+🐣 Added a new AAAA record of "……" (ID: ……).
 ```
 
 ## 📜 Highlights

internal/api/cloudflare.go

@@ -30,7 +30,7 @@ const (
 type CloudflareAuth struct {
 	Token     string
 	AccountID string
-	URL       string
+	BaseURL   string
 }
 
 func (t *CloudflareAuth) New(ctx context.Context, indent pp.Indent, cacheExpiration time.Duration) (Handle, bool) {
@@ -41,8 +41,8 @@ func (t *CloudflareAuth) New(ctx context.Context, indent pp.Indent, cacheExpirat
 	}
 
 	// set the base URL (mostly for testing)
-	if t.URL != "" {
-		handle.BaseURL = t.URL
+	if t.BaseURL != "" {
+		handle.BaseURL = t.BaseURL
 	}
 
 	// this is not needed, but is helpful for diagnosing the problem
@@ -82,7 +82,7 @@ func (h *CloudflareHandle) ActiveZones(ctx context.Context, indent pp.Indent, na
 
 	res, err := h.cf.ListZonesContext(ctx, cloudflare.WithZoneFilters(name, h.cf.AccountID, "active"))
 	if err != nil {
-		pp.Printf(indent, pp.EmojiError, "Failed to check the existence of a zone named %s: %v", name, err)
+		pp.Printf(indent, pp.EmojiError, "Failed to check the existence of a zone named %q: %v", name, err)
 		return nil, false
 	}
 
@@ -97,7 +97,7 @@ func (h *CloudflareHandle) ActiveZones(ctx context.Context, indent pp.Indent, na
 }
 
 func (h *CloudflareHandle) ZoneOfDomain(ctx context.Context, indent pp.Indent, domain FQDN) (string, bool) {
-	if id, found := h.cache.zoneOfDomain.Get(domain.String()); found {
+	if id, found := h.cache.zoneOfDomain.Get(domain.ToASCII()); found {
 		return id.(string), true
 	}
 
@@ -113,7 +113,7 @@ zoneSearch:
 		case 0: // len(zones) == 0
 			continue zoneSearch
 		case 1: // len(zones) == 1
-			h.cache.zoneOfDomain.SetDefault(domain.String(), zones[0])
+			h.cache.zoneOfDomain.SetDefault(domain.ToASCII(), zones[0])
 
 			return zones[0], true
 
@@ -124,13 +124,13 @@ zoneSearch:
 		}
 	}
 
-	pp.Printf(indent, pp.EmojiError, "Failed to find the zone of %s.", domain)
+	pp.Printf(indent, pp.EmojiError, "Failed to find the zone of %q.", domain.Describe())
 	return "", false
 }
 
 func (h *CloudflareHandle) ListRecords(ctx context.Context, indent pp.Indent,
 	domain FQDN, ipNet ipnet.Type) (map[string]net.IP, bool) {
-	if rmap, found := h.cache.listRecords[ipNet].Get(domain.String()); found {
+	if rmap, found := h.cache.listRecords[ipNet].Get(domain.ToASCII()); found {
 		return rmap.(map[string]net.IP), true
 	}
 
@@ -141,11 +141,11 @@ func (h *CloudflareHandle) ListRecords(ctx context.Context, indent pp.Indent,
 
 	//nolint:exhaustivestruct // Other fields are intentionally unspecified
 	rs, err := h.cf.DNSRecords(ctx, zone, cloudflare.DNSRecord{
-		Name: domain.String(),
+		Name: domain.ToASCII(),
 		Type: ipNet.RecordType(),
 	})
 	if err != nil {
-		pp.Printf(indent, pp.EmojiError, "Failed to retrieve records of %s: %v", domain, err)
+		pp.Printf(indent, pp.EmojiError, "Failed to retrieve records of %q: %v", domain.Describe(), err)
 		return nil, false
 	}
 
@@ -165,15 +165,15 @@ func (h *CloudflareHandle) DeleteRecord(ctx context.Context, indent pp.Indent,
 	}
 
 	if err := h.cf.DeleteDNSRecord(ctx, zone, id); err != nil {
-		pp.Printf(indent, pp.EmojiError, "Failed to delete a stale %s record of %s (ID: %s): %v",
-			ipNet.RecordType(), domain, id, err)
+		pp.Printf(indent, pp.EmojiError, "Failed to delete a stale %s record of %q (ID: %s): %v",
+			ipNet.RecordType(), domain.Describe(), id, err)
 
-		h.cache.listRecords[ipNet].Delete(domain.String())
+		h.cache.listRecords[ipNet].Delete(domain.ToASCII())
 
 		return false
 	}
 
-	if rmap, found := h.cache.listRecords[ipNet].Get(domain.String()); found {
+	if rmap, found := h.cache.listRecords[ipNet].Get(domain.ToASCII()); found {
 		delete(rmap.(map[string]net.IP), id)
 	}
 
@@ -189,21 +189,21 @@ func (h *CloudflareHandle) UpdateRecord(ctx context.Context, indent pp.Indent,
 
 	//nolint:exhaustivestruct // Other fields are intentionally omitted
 	payload := cloudflare.DNSRecord{
-		Name:    domain.String(),
+		Name:    domain.ToASCII(),
 		Type:    ipNet.RecordType(),
 		Content: ip.String(),
 	}
 
 	if err := h.cf.UpdateDNSRecord(ctx, zone, id, payload); err != nil {
-		pp.Printf(indent, pp.EmojiError, "Failed to update a stale %s record of %s (ID: %s): %v",
-			ipNet.RecordType(), domain, id, err)
+		pp.Printf(indent, pp.EmojiError, "Failed to update a stale %s record of %q (ID: %s): %v",
+			ipNet.RecordType(), domain.Describe(), id, err)
 
-		h.cache.listRecords[ipNet].Delete(domain.String())
+		h.cache.listRecords[ipNet].Delete(domain.ToASCII())
 
 		return false
 	}
 
-	if rmap, found := h.cache.listRecords[ipNet].Get(domain.String()); found {
+	if rmap, found := h.cache.listRecords[ipNet].Get(domain.ToASCII()); found {
 		rmap.(map[string]net.IP)[id] = ip
 	}
 
@@ -219,7 +219,7 @@ func (h *CloudflareHandle) CreateRecord(ctx context.Context, indent pp.Indent,
 
 	//nolint:exhaustivestruct // Other fields are intentionally omitted
 	payload := cloudflare.DNSRecord{
-		Name:    domain.String(),
+		Name:    domain.ToASCII(),
 		Type:    ipNet.RecordType(),
 		Content: ip.String(),
 		TTL:     ttl,
@@ -228,14 +228,15 @@ func (h *CloudflareHandle) CreateRecord(ctx context.Context, indent pp.Indent,
 
 	res, err := h.cf.CreateDNSRecord(ctx, zone, payload)
 	if err != nil {
-		pp.Printf(indent, pp.EmojiError, "Failed to add a new %s record of %s: %v", ipNet.RecordType(), domain, err)
+		pp.Printf(indent, pp.EmojiError, "Failed to add a new %s record of %q: %v",
+			ipNet.RecordType(), domain.Describe(), err)
 
-		h.cache.listRecords[ipNet].Delete(domain.String())
+		h.cache.listRecords[ipNet].Delete(domain.ToASCII())
 
 		return "", false
 	}
 
-	if rmap, found := h.cache.listRecords[ipNet].Get(domain.String()); found {
+	if rmap, found := h.cache.listRecords[ipNet].Get(domain.ToASCII()); found {
 		rmap.(map[string]net.IP)[res.Result.ID] = ip
 	}
 

internal/api/cloudflare_test.go

@@ -0,0 +1,118 @@
+package api_test
+
+import (
+	"context"
+	"crypto/sha512"
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/favonia/cloudflare-ddns/internal/api"
+)
+
+// mockID returns a hex string of length 32, suitable for all kinds of IDs
+// used in the Cloudflare API.
+func mockID(seed string) string {
+	arr := sha512.Sum512([]byte(seed))
+	return hex.EncodeToString(arr[:16])
+}
+
+const (
+	mockToken   = "token123"
+	mockAccount = "account456"
+)
+
+func TestCloudflareAuthNewValid(t *testing.T) {
+	t.Parallel()
+
+	mux := http.NewServeMux()
+	ts := httptest.NewServer(mux)
+	defer ts.Close()
+
+	mux.HandleFunc("/user/tokens/verify", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method)
+		assert.Equal(t, []string{fmt.Sprintf("Bearer %s", mockToken)}, r.Header["Authorization"])
+
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w,
+			`{
+			  "result": { "id": "%s", "status": "active" },
+			  "success": true,
+			  "errors": [],
+			  "messages": [
+			    {
+			      "code": 10000,
+						"message": "This API Token is valid and active",
+			      "type": null
+			    }
+			  ]
+			}`, mockID("result"))
+	})
+
+	auth := api.CloudflareAuth{
+		Token:     mockToken,
+		AccountID: mockAccount,
+		BaseURL:   ts.URL,
+	}
+
+	h, ok := auth.New(context.Background(), 3, time.Second)
+	require.NotNil(t, h)
+	require.True(t, ok)
+}
+
+func TestCloudflareAuthNewEmpty(t *testing.T) {
+	t.Parallel()
+
+	mux := http.NewServeMux()
+	ts := httptest.NewServer(mux)
+	defer ts.Close()
+
+	auth := api.CloudflareAuth{
+		Token:     "",
+		AccountID: mockAccount,
+		BaseURL:   ts.URL,
+	}
+
+	h, ok := auth.New(context.Background(), 3, time.Second)
+	require.Nil(t, h)
+	require.False(t, ok)
+}
+
+func TestCloudflareAuthNewInvalid(t *testing.T) {
+	t.Parallel()
+
+	mux := http.NewServeMux()
+	ts := httptest.NewServer(mux)
+	defer ts.Close()
+
+	mux.HandleFunc("/user/tokens/verify", func(w http.ResponseWriter, r *http.Request) {
+		assert.Equal(t, http.MethodGet, r.Method)
+		assert.Equal(t, []string{fmt.Sprintf("Bearer %s", mockToken)}, r.Header["Authorization"])
+
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Header().Set("content-type", "application/json")
+		fmt.Fprintf(w,
+			`{
+			  "success": false,
+			  "errors": [{ "code": 1000, "message": "Invalid API Token" }],
+			  "messages": [],
+			  "result": null
+			}`)
+	})
+
+	auth := api.CloudflareAuth{
+		Token:     mockToken,
+		AccountID: mockAccount,
+		BaseURL:   ts.URL,
+	}
+
+	h, ok := auth.New(context.Background(), 3, time.Second)
+	require.Nil(t, h)
+	require.False(t, ok)
+}

internal/api/fqdn.go

@@ -23,17 +23,26 @@ type FQDN string
 // safelyToUnicode takes an ASCII form and returns the Unicode form
 // when the round trip gives the same ASCII form back without errors.
 // Otherwise, the input ASCII form is returned.
-func safelyToUnicode(ascii string) string {
+func safelyToUnicode(ascii string) (string, bool) {
 	unicode, errToA := profile.ToUnicode(ascii)
 	roundTrip, errToU := profile.ToASCII(unicode)
 	if errToA != nil || errToU != nil || roundTrip != ascii {
-		return ascii
+		return ascii, false
 	}
 
-	return unicode
+	return unicode, true
 }
 
-func (f FQDN) String() string { return string(f) }
+func (f FQDN) ToASCII() string { return string(f) }
+
+func (f FQDN) Describe() string {
+	best, ok := safelyToUnicode(string(f))
+	if !ok {
+		return string(f)
+	}
+
+	return best
+}
 
 // NewFQDN normalizes a domain to its ASCII form and then stores
 // the normalized domain in its Unicode form when the round trip
@@ -45,7 +54,7 @@ func NewFQDN(domain string) (FQDN, error) {
 	// Remove the final dot for consistency
 	normalized = strings.TrimSuffix(normalized, ".")
 
-	return FQDN(safelyToUnicode(normalized)), err
+	return FQDN(normalized), err
 }
 
 func SortFQDNs(s []FQDN) { sort.Slice(s, func(i, j int) bool { return s[i] < s[j] }) }
@@ -58,7 +67,7 @@ type FQDNSplitter struct {
 
 func NewFQDNSplitter(domain FQDN) *FQDNSplitter {
 	return &FQDNSplitter{
-		domain:    domain.String(),
+		domain:    domain.ToASCII(),
 		cursor:    0,
 		exhausted: false,
 	}